
8- Safety and security

ICT By Engineer Amina Dessouky 1


8.1 Physical security
8.1.1 Health aspects
• Health risks were discussed in detail in chapter 5; one more risk is:
Ozone irritation caused by laser printers in an office area (dry skin, respiratory problems, etc.)
Ways of eliminating or minimizing risk
• Proper ventilation should exist to remove the ozone gas as quickly as possible.
• Laser printers should be housed in a designated printer room.
• Change to other types of printers if necessary.
8.1.2 Safety aspects
• Safety risks were discussed in detail in chapter 5.
It is a good idea to keep checking cables & wires and replace the damaged ones, to make
sure all drinks are well away from computers, that electric outlets are not overloaded and that
computers are not covered in a way that blocks ventilation holes. You must also exercise every
hour or so to prevent health risks.
Another good idea is to carry out an ergonomic assessment of your workstation; this can be
done online to help you set up your station in a good way.



8.2 E-safety
E-safety refers to safety when using the internet, meaning keeping personal data safe, and
applies to any of the following devices:
• Mobile phones
• Computers or tablets
• Games console
• Wireless technology
Personal data means anything that is related to your way of living and can identify you, such as:
• Name, address, date of birth, medical history and banking details
Some people find the following sensitive personal data:
• Ethnic origin, political views, religion, criminal activity….

While using ICT, keep in mind the following list to maintain your e-safety:
Don’t give out any personal information to anyone unknown, especially online.
Don’t send your or other people’s photos by mobile or online unless you know whom you are sending them to.
Always maintain your privacy settings on whatever device is being used online or during communications.
When accessing the internet, make sure the website being visited is trusted, and when searching for any information set your device to
“safe search” and use the highest level of security.
Only use websites recommended by teachers and only use a learner-friendly search engine.
Only open emails from known sources and block / delete emails in your spam box.
Email only the people you know, and never include the school’s name or a photo of a student wearing school uniform in any mail.
You must be very careful when using social networking sites, instant messaging or chat rooms:
• Block or report anybody who acts suspiciously or uses inappropriate language.
• Be very careful with the language used in chat rooms
• Always use a nickname and never your real name.
• Keep your private and personal data secret
• Avoid private chat rooms as they require your phone number and email address.
• Never arrange meetings with someone for first time on your own
• Always tell an adult first and meet this person in public place
• Avoid images misuse
• Avoid inappropriate language
• Always respect people’s confidentiality

You must also be careful when using online gaming since this carries its own risks. Some
of the known risks are:
• Violence in the game itself can lead to violent behavior in reality
• People who prey on others who they see as vulnerable
• Cyber bullying (sending messages intimidating or threatening people)
• Be aware of the risk of using a webcam
• Be aware of voice-masking technology; it is used to disguise a voice so you can’t tell the
speaker’s sex, age or even their accent.
• Online games are also a source of cyber attacks on a user’s computer or mobile phone:
viruses, phishing and spyware are some examples of problems associated with certain
online gaming.



8.3 Security of data
Be careful when you are working online or using the internet for leisure. Watch out for
suspicious emails and websites, and people claiming to be someone or something they aren’t.
• Hacking
• Phishing
• Smishing
• Vishing
• Pharming
• Spyware
• Viruses
• Spam
• Moderated and unmoderated forums
• Cookies

8.3.1 Hacking

8.3.2 Phishing


Smishing (SMS phishing) uses SMS systems of mobile phones to send fake text messages.
• The goal of smishing is to capture people's personal information. In order to do this,
"smishers" send out mass text messages designed to capture the recipients' attention.
• Some messages may provide a fake incentive, such as "You have won a free gift card,
visit this website to claim your prize." If you click on a link in the text message, you will
be directed to a fraudulent website that will ask you to enter your personal information,
such as your name, address, phone number, and email address. In some cases, a
smishing website will ask you to enter your bank account information or social security
number.
Vishing (voice mail phishing) is another variation of phishing that uses a voice mail message to
trick the user into calling the phone number contained in the message.
• As in all phishing attacks, the user will be asked to supply personal data, thinking they are talking
to a legitimate company.


8.3.3 Pharming

8.3.4 Spyware and key-logging software

8.3.5 Viruses

8.3.6 Spam
Spam emails offer all kinds of things like money, prizes and very low prices for products that are normally very
expensive. They can contain malware (software that is designed to cause harm or damage to a
computer).
Spam is very difficult to avoid but there are ways to reduce it:
• Use a spam filter – most email clients try to stop spam from reaching you by using a spam filter. It recognises
common spam emails and stops them from getting through. Check your spam email regularly as sometimes
real emails are mistaken for spam.
• Do not sign up to commercial mailing lists.
• Set your email protection level to high or to safe list only. Make sure the junk mail filter is kept up to date.
• Block images in HTML messages that spammers use as web beacons (a web beacon can be a graphic image
linked to an external web server; it is used to verify that your email address is valid as soon as the message is opened and
the image is downloaded).
• Do not give your email address out – if you don’t trust the website or if supplying your email address is
optional, don’t give it to them.
• Keep an eye out for tick boxes – when you sign up to a website (online shopping), it might try to sign you up to
its newsletter. Read the small print next to the tick boxes carefully.
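
The web-beacon defence described in the list above can be shown as a short added example (not part of the original slides): it removes `<img>` tags that would fetch from an external server while keeping images embedded in the message itself. The class and function names and the sample message are constructed for illustration, and only `<img>` tags are handled.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class RemoteImageBlocker(HTMLParser):
    """Re-emits an HTML message, replacing remotely loaded images with a marker."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []      # pieces of the cleaned message
        self.blocked = []  # URLs that would have contacted an external server

    @staticmethod
    def is_remote(src):
        # http(s) and protocol-relative URLs make the mail client call a web server;
        # cid: (attached) and data: (inline) images do not.
        return src.startswith("//") or urlparse(src).scheme in ("http", "https")

    def handle_starttag(self, tag, attrs):
        src = (dict(attrs).get("src") or "").strip()
        if tag == "img" and self.is_remote(src):
            self.blocked.append(src)
            self.out.append("[remote image blocked]")
        else:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):  # self-closing form, e.g. <img ... />
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def block_remote_images(html):
    """Return (cleaned_html, list_of_blocked_urls). Comments are dropped."""
    parser = RemoteImageBlocker()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample message: one attached logo and one 1x1 tracking image.
SAMPLE_MAIL = (
    '<p>You have won a prize &amp; more!</p>'
    '<img src="cid:logo@example" alt="logo">'
    '<img src="http://tracker.example/open.gif?id=alice%40example.org" width="1" height="1">'
)

if __name__ == "__main__":
    cleaned, blocked = block_remote_images(SAMPLE_MAIL)
    print(cleaned)
    print("Blocked:", blocked)
```

The blocked URL carries the recipient's address in its query string, which is how opening the message would confirm to the sender that the address is valid.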

8.3.7 Moderated and unmoderated forums
A moderated forum is an online discussion forum in which all posts are checked by an
administrator before they are allowed to be posted. The moderator can not only prevent
spam, but also filter out any posts that are inappropriate, rude or offensive, or even those that
wander off the main topic.

8.3.8 Cookies
Cookies are small files or code that are stored on a user’s computer. They are sent by a web
server to a user’s computer. Each cookie is effectively a small look-up table containing pairs of
(key, data) values. The data gathered by cookies forms an anonymous user profile and doesn’t
contain personal data such as passwords or credit/debit card numbers. Cookies are a very
efficient way of carrying data from one website session to another or even between sessions
on related websites.
Use of a secure server is always advised; it supports the major security protocols such as
SSL/TLS, which encrypt & decrypt messages to protect them against third-party eavesdropping.



8.4 Additional security of data online
• Firewalls
• Security protocols
• Encryption
• Authentication

8.4.1 Firewall
A firewall monitors connections to and from your computer. If it spots something suspicious, it closes the connection
or disconnects it. Most operating systems include a firewall and it should be turned on by default.
Tasks carried out by a firewall:
o Examines the traffic between a user’s computer & a public network (for example, the internet)
o Checks whether incoming or outgoing data meets a given set of criteria; if data fails the criteria, the firewall blocks
the traffic & gives the user a warning.
o Criteria can be set so that the firewall prevents access to certain undesirable sites & it can keep a list of all undesirable IP
addresses.
o The firewall can be used to log all incoming & outgoing traffic to allow later interrogation by users.
o The firewall can also prevent hackers gaining access to a computer or network & sometimes it can prevent viruses.
The firewall can be a hardware interface that is located somewhere between the computer & the internet
connection, in which case it is often known as a gateway.
Circumstances where a firewall can’t prevent potentially harmful traffic:
o It cannot prevent individuals, on the internet, using their own modems to bypass the firewall.
o Employee carelessness can’t be controlled by a firewall (control of passwords or user accounts).
o Users on stand-alone computers can choose to disable the firewall, leaving their computer open to harmful
traffic from the internet.
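
The firewall tasks listed above (checking traffic against criteria, keeping a list of undesirable IP addresses, warning the user and logging everything) can be sketched as a small added example, which is not part of the original slides. The `Packet` and `Firewall` classes, the open-port rule and the sample traffic are assumptions made for illustration; the addresses come from ranges reserved for documentation.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:                 # hypothetical, simplified view of one connection
    direction: str            # "in" = from the internet, "out" = from the user's computer
    remote_ip: str            # address of the machine on the public network
    port: int                 # destination port of the connection


@dataclass
class Firewall:
    undesirable: list         # undesirable IP addresses or networks
    open_inbound_ports: set   # inbound ports the user has chosen to accept
    log: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

    def check(self, pkt):
        """Return "allow" or "block" for one packet and record the decision."""
        addr = ipaddress.ip_address(pkt.remote_ip)
        if any(addr in ipaddress.ip_network(net) for net in self.undesirable):
            verdict, reason = "block", "remote address is on the undesirable list"
        elif pkt.direction == "in" and pkt.port not in self.open_inbound_ports:
            verdict, reason = "block", "inbound port is not open"
        else:
            verdict, reason = "allow", "meets the criteria"
        # Every packet is logged, allowed or not, for later interrogation.
        self.log.append((pkt.direction, pkt.remote_ip, pkt.port, verdict, reason))
        if verdict == "block":
            self.warnings.append(
                f"Blocked {pkt.direction} {pkt.remote_ip}:{pkt.port} ({reason})")
        return verdict


# Constructed sample traffic.
SAMPLE_TRAFFIC = [
    Packet("out", "192.0.2.10", 443),     # ordinary outgoing web request
    Packet("out", "198.51.100.25", 80),   # outgoing request to an undesirable site
    Packet("in", "192.0.2.44", 3389),     # unsolicited inbound connection
    Packet("in", "192.0.2.44", 443),      # inbound connection to an open port
    Packet("in", "203.0.113.7", 443),     # open port, but the sender is listed
]


def run_demo():
    fw = Firewall(undesirable=["203.0.113.7", "198.51.100.0/24"],
                  open_inbound_ports={443})
    verdicts = [fw.check(p) for p in SAMPLE_TRAFFIC]
    return fw, verdicts


if __name__ == "__main__":
    fw, verdicts = run_demo()
    for entry in fw.log:
        print(entry)
```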


8.4.2 Security protocol


• Secure Sockets Layer (SSL)
Once the verification company establishes the legitimacy of an organization and the
associated website, they will issue an SSL certificate (for the small fee of a few hundred
dollars). This digital certificate is installed on the Web server and will be viewable when a
user enters a secure area of the website. You can tell you are visiting a secure page when
the URL starts with "https." To view the certificate, click the lock icon near one of the edges
of your browser window.

• Transport Layer Security (TLS)
TLS is similar to SSL but is a more recent security system. TLS is designed to provide encryption,
authentication and data integrity (maintaining accuracy & consistency of data) in a more effective
way than SSL.
TLS is formed of two layers:
• Record Protocol: this part of communication can be used with or without encryption.
• Handshake Protocol: permits the website and user to authenticate each other and to make
use of encryption algorithms (a secure session between user and website is established)
Main differences between SSL & TLS:
• It is possible to extend TLS by adding new authentication methods
• TLS can make use of session caching, which improves the overall performance compared to SSL
• TLS separates the handshaking process from the record protocol (layer) which holds all the data.



Session caching:
• Opening a TLS session requires a lot of computer time, which is why session caching is
used to avoid spending so much computer time on each connection. TLS either
establishes a new session or attempts to resume an existing session. Resuming an existing
session can boost system performance considerably.
A cache is a collection of processed data that is kept on hand and reused in order to avoid
costly repeated database queries.

8.4.3 Encryption
Encryption uses a secret key that has the capability of altering the characters in a message.
This makes it unreadable unless the recipient also has the same secret key.
The key used to encrypt (or encode) the message is known as encryption key; the key used
to decrypt the message is known as decryption key. When the message is encrypted it
becomes cypher script; the original one is called plain text.

[Diagram: Plain text + Encryption key → Encryption process → Cypher script]

8.4.4 Authentication
Authentication is used to verify that data comes from a secure & trusted source. It works with
encryption to strengthen internet security.
Digital certificates:
A digital certificate is a pair of files stored on a user’s computer; these are used in the security of data sent over the
internet. Each pair of files is divided into:
• Public key (which is known by anyone)
• Private key (known only by the user)
When sending an email, a digital certificate made up of the following is used to verify the email:
• Sender’s email address
• Name of the digital certificate owner
• Serial number
• Expiry date (date range during which the certificate is valid)
• Public key (to encrypt the message & for digital signature)
• Digital signature of certificate authority (CA)

Passwords:
A combination of letters & numbers makes up what is known as a password; this allows a user to
log on to a system.
To protect the system, users are only allowed to type in their passwords a certain number
of times (usually a maximum of 3 times).
If a user forgets their password when using the internet, they can request it to be sent by
email.
Passwords must be changed on a regular basis in case they become known to another user.
It is often necessary to use a user ID & password to log in; this gives an additional security
level.

Biometrics:
Biometrics relies on certain characteristics of human beings:
• Fingerprint scans
• Signature recognition
• Retina scans
• Iris recognition
• Face recognition
• Voice recognition

Comparison of the six common biometric techniques

| Biometric technique | Comparative accuracy | Comparative cost | Devices needed | Social acceptability | What can interfere with the procedure |
|---|---|---|---|---|---|
| Fingerprint scans | High accuracy | Medium | Scanner | Medium | Damaged finger |
| Signature recognition | Low accuracy | Medium | An optical pen | High | Signature can change with time |
| Retina scans | High accuracy | High | Digital camera | Low | Irritation of the eye |
| Iris scan | High accuracy | High | Digital camera | Low | Wearing of glasses |
| Face recognition | Medium-low accuracy | Medium | Digital camera | High | Facial hair or glasses |
| Voice recognition | Medium accuracy | Medium | Microphone | High | Background noise or person has a cold |

Online credit fraud:
Online credit card fraud is still common in spite of all security systems provided:
• Hackers gain access to a user’s computer through the use of spyware.
• If a password is weak or no encryption is used, then it is a relatively easy task to break it and gain illegal access to bank &
credit card accounts.
• It is a good idea to always type in a web address or URL rather than copy & paste.
• When using wireless technology, it is very important for internet access to be password controlled.
• When using a Wi-Fi ‘hotspot’, be aware that somebody may be monitoring internet usage & trying to tap into the data
that is going to and from any computer.
There are a number of precautions:
• Always use varied & complex passwords for all your accounts
• Check the accuracy of bank accounts continually
• Only provide personal information on sites that have https
• Don’t provide personal information to any unsolicited requests.
• Don’t open emails or attachments from unknown senders
• Delete any messages from your spam folder on regular basis
• Report any suspicious phishing activity to the company
• Only download software from trusted sites

Cloud security:
Several computer & mobile manufacturers encourage customers to store or back up their
files on the cloud.
Users purchase cloud storage & can access their files from anywhere.
Advantages:
• No need to carry memory sticks around
• No need to pay for large storage capacity on your computer
• The cloud is controlled by external companies, they will ensure that your files are backed
up & reduce the possibility of losing irreplaceable data.
• The ability to synchronise files ensures they are automatically updated across all devices
• Cloud storage is also ideal for collaboration purposes; it allows several users to edit and
collaborate on a single file or document.

Data security:
Companies that transfer vast amounts of confidential data from their systems to a cloud
service provider are effectively relinquishing control of their own data security. This raises
some questions:
• What physical security exists regarding the building where data is housed?
• How good is the cloud service provider’s resistance to natural disasters or power cuts?
• What safeguards exist regarding personnel who work for the cloud service company?

Data loss
There is a risk that important & irreplaceable data could be lost from cloud storage
facilities. Actions from hackers could lead to loss or corruption of data.
Three breaches of security involving two of the largest cloud service providers raised
fears that made people a little nervous of using such facilities to store important files:
• The XEN security threat, which forced several cloud operators to reboot all their cloud
servers
• A recent case where a large cloud service provider permanently lost data during a routine
backup procedure
• The celebrity photos cloud hacking scandal
All of these reasons made individuals & companies nervous about using cloud service
providers.